Web development: Integrated JavaScript libraries are almost never updated

A Cloudflare survey confirms what web developers have always known: once integrated, JavaScript libraries stay in place permanently without updates.

The CDN provider Cloudflare addresses a phenomenon that should not be new to developers. Once developers have linked required libraries such as jQuery in the head of a website, those libraries stay in use permanently in the linked version. There is usually no update strategy.

The static state of common JS libraries

Cloudflare was able to demonstrate this for the jQuery library and the animation library TweenMax, using the hosting service CDNJS. For both libraries it found that old, even very old, versions still receive a significant share of requests.

Although Cloudflare has consistently seen rising usage figures for the current versions, these rising numbers were not accompanied by falling figures for old versions. This confirms the impression that libraries, once integrated, remain in the project forever, or at least until they stop working for other reasons.

Cloudflare does not offer explanations, but the following factors could be decisive for the phenomenon.

jQuery: Omnipresent JavaScript library. (Screenshot: t3n)

The 3 ways to integrate a JS library

CDNJS (i.e. content delivery network for JavaScript) is an alternative to the Google CDN, for example. The difference is the variety of hosted libraries, which is greater with CDNJS.

CDNJS allows developers to include popular JavaScript libraries via a link to the CDN. Old versions are not replaced by new ones, however; the entire version history remains available.

The alternative to a CDN is to store the required libraries on the project’s web server and integrate them from there, or to access the library’s official repository via a link, although not every library allows or even provides for this.

The problem: Set it and forget it

The options presented already show the problem. Once integrated, JavaScript libraries are statically linked. If the library developers issue an update, the libraries, some of which have been integrated millions of times, are not automatically updated. Rather, the webmaster would have to take care of it themselves.

Low update motivation understandable for two reasons

In classic development processes, there are essentially two problems. Often, the developer is paid to deliver a website. Once it is finished and handed over, neither the customer nor the developer bothers with it any further.

The second problem is that so-called breaking changes can occur in the course of updating JS libraries. That means the updated library would require further changes to the website in order for it to work as before.

It is precisely this second point that customers usually cannot understand. They have paid for a website that works, and they are now supposed to pay for adjustments to keep it working as before. For their part, developers are not especially motivated to make changes that can lead to strange behavior in previously functional processes.

Disadvantages of CDN and other third-party hosters

Developers who work on behalf of customers are just as reluctant to opt for integration via a CDN (content delivery network) or via the official project, if the project allows it at all. A CDN or other host is always a third party, and there is no guarantee that it will function smoothly. Why should the developer take this risk, especially since the size of the common JavaScript libraries does not suggest the use of a CDN in any way?

For the developer, the worst-case scenario would be an automatic integration of the latest version of a library. This means that they lose all control over the uptime forecast of the websites they are responsible for. Who wants to be rung out of bed by customers at three o'clock in the morning because their online shop has given up the ghost?

Current libraries only on the agenda for large-scale and own projects

Things look different when developers oversee their own projects or are outsourcing employees who are responsible for the operation of one or more websites. Here, too, external integration will not be the first choice because of the additional requests, the latency that cannot be controlled and the possible security problems.

But the to-do list will definitely state that the libraries used are checked for up-to-dateness at least at defined time intervals and, if in doubt, adjusted.
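
One way to run the periodic check described above, as an added example (not code from Cloudflare or from this article): it lists the cdnjs-pinned libraries in a page and compares each pinned version with a latest version you supply. The cdnjs URL layout, the sample HTML, the version map and all function names are assumptions constructed for illustration; a gap in major versions is treated as a hint of breaking changes, assuming the library follows semantic versioning.

```javascript
// Added example: audit cdnjs-pinned <script> tags against known latest versions.
// Assumed URL layout: //cdnjs.cloudflare.com/ajax/libs/<name>/<version>/<file>
const CDNJS_RE =
  /<script\b[^>]*\bsrc=["'](?:https?:)?\/\/cdnjs\.cloudflare\.com\/ajax\/libs\/([^\/"']+)\/([^\/"']+)\/[^"']+["'][^>]*>/gi;

// "1.12.4" -> [1, 12, 4]; non-numeric parts count as 0.
function parseVersion(v) {
  return v.split(/[.-]/).map((p) => Number.parseInt(p, 10) || 0);
}

// Comparator: negative if a is older than b, 0 if equal, positive if newer.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Returns one finding per cdnjs script tag. `latest` is a Map: name -> version.
function auditCdnjsScripts(html, latest) {
  const findings = [];
  for (const [, name, version] of html.matchAll(CDNJS_RE)) {
    const current = latest.get(name.toLowerCase()) ?? null;
    findings.push({
      name,
      version,
      latest: current,
      // null means "unknown library": flag for manual review instead of guessing.
      outdated: current ? compareVersions(version, current) < 0 : null,
      // Major versions behind; > 0 hints at breaking changes (semver assumption).
      majorsBehind: current ? parseVersion(current)[0] - parseVersion(version)[0] : null,
    });
  }
  return findings;
}

// Constructed sample page and version map (not real survey data).
const sampleHtml = `
<head>
  <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script>
  <script src="//cdnjs.cloudflare.com/ajax/libs/gsap/1.20.3/TweenMax.min.js"></script>
  <script src="/static/js/app.js"></script>
</head>`;
const sampleLatest = new Map([["jquery", "3.7.1"], ["gsap", "3.12.5"]]);

for (const f of auditCdnjsScripts(sampleHtml, sampleLatest)) {
  console.log(`${f.name} ${f.version} -> ${f.latest} outdated=${f.outdated} majorsBehind=${f.majorsBehind}`);
}
```

Locally hosted scripts such as /static/js/app.js are skipped by design; they need a separate inventory, for example the project's dependency manifest.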

How do you deal with the topic?
